GCPP

Copilot-powered platform

 Provide your team access to AI pair-programming that indexes your private codebase for context-aware code completion, chat, and agent workflows.

Enterprise
Security, compliance, and flexible deployment

Enterprise

Security, compliance,
and flexible deployment

Plan Benifits

Flexible Deployment Models

Organizations can choose where data lives based on network architecture, sovereignty requirements, and risk tolerance.

  • GitHub Enterprise Cloud (GHEC): Hosted by GitHub, offering zero-maintenance overhead, global scalability, and immediate access to new features.

  • GitHub Enterprise Server (GHES): A self-hosted virtual appliance deployed on-premise or within a private cloud (AWS, Azure, GCP). Ideal for air-gapped or heavily firewalled environments requiring full infrastructure ownership.

  • GitHub Enterprise Local (Sovereign Cloud): Deployed within customer-owned infrastructure on localized private cloud platforms (like Azure Local). It is purpose-built to operate seamlessly in fully disconnected or sovereign environments to satisfy strict national data localization mandates.

  • GitHub Connect: A hybrid configuration allowing self-hosted GHES instances to securely connect to GHEC, enabling unified search, contribution tracking, and shared licensing across environments.

 

Advanced Enterprise Security

GitHub shifts security left by integrating automated detection directly into the native developer workflow, eliminating the friction of external third-party tooling.

Identity and Access Management (IAM)

  • Enterprise Managed Users (EMU): Provides complete ownership of identities. Users are provisioned and de-provisioned automatically via SCIM syncing with identity providers (IdPs) like Azure AD, Okta, or PingFederate. Personal accounts cannot mix with the enterprise ecosystem.

  • Granular Custom Roles: Beyond standard admin/read/write permissions, organizations can define highly tailored roles (e.g., Compliance Officer or Security Reviewer) to enforce the principle of least privilege.

GitHub Advanced Security (GHAS)

  • Code Scanning (CodeQL): Natively embedded Static Application Security Testing (SAST) that evaluates code on every pull request, surfaces vulnerabilities, and provides AI-powered remediation advice before code reaches production.

  • Secret Scanning & Push Protection: Scans repositories for leaked credentials (API keys, tokens, certificates). Push Protection acts as an inline firewall, actively blocking developers from committing secrets to the codebase in real time.

  • Supply Chain Security: Automatically tracks open-source dependencies via Dependabot, flags known CVEs, generates Software Bills of Materials (SBOMs), and automates security patch PRs.